Topic 9 - AF Chapter 5 Slides 2 of 3
Sources:
- Auditing Fundamentals 2nd Edition: Chapter 5, pages 152 – 169
- Graded Questions 3rd Edition: Chapter 5
5.8.1 Organisational controls and personnel practices
Delegation of responsibility
- Steering committee
- CIO
- IT manager
Segregation of duties
- Segregation between development (technical staff), operations and security is key.
Personnel practices
- Issues to consider: employing, leave, rotation of duties, training and dismissals/resignations
5.8.2 Systems development and change controls
SDLC
- Request submission, needs assessment and selection
- Planning and design
- Systems development and testing (5 types of testing)
- Implementation
- Post-implementation review
5.8.3 Access controls
Distinguish between physical and logical access
Preventative
- Security policy
- Physical access
- Logical access (ID, Authentication and Authorisation)
Detective and corrective
- Logs, registers and reports
Other security controls
- Library
- Communication (encryption, firewalls, call-back, anti-virus and independent certification)
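The following is an added worked example, not part of the slides or the textbook they summarise. It models the logical access sequence this slide names (identification by user ID, authentication by password check, authorisation by role) together with the detective control (a log of every access decision) and the segregation of duties from 5.8.1 (development, operations and security kept apart). All user names, passwords, roles and the permission matrix are constructed for the illustration.

```python
"""Logical access controls with an audit log and a segregation-of-duties check.
Added example: user IDs, passwords, roles and permissions below are invented."""
import hashlib
import hmac
import os
from datetime import datetime, timezone


def _hash_password(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so that a leaked credential store is not trivially reversed.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def make_user(user_id: str, password: str, roles) -> dict:
    salt = os.urandom(16)
    return {"id": user_id, "salt": salt,
            "hash": _hash_password(password, salt), "roles": frozenset(roles)}


# Constructed user directory: identity (ID) -> credential (authentication) + roles (authorisation).
USERS = {
    "dev_alice": make_user("dev_alice", "dev-pass-1", ["developer"]),
    "ops_bob":   make_user("ops_bob",   "ops-pass-2", ["operations"]),
    "sec_carol": make_user("sec_carol", "sec-pass-3", ["security"]),
}

# Segregation of duties (5.8.1): one person must not hold two of these roles.
INCOMPATIBLE_ROLES = [
    frozenset({"developer", "operations"}),
    frozenset({"developer", "security"}),
    frozenset({"operations", "security"}),
]

# Authorisation matrix: (role, action, environment). Assumed policy for the example.
PERMISSIONS = {
    ("developer",  "deploy",    "test"),
    ("operations", "deploy",    "production"),
    ("security",   "read_logs", "production"),
}

# Detective control: every access decision is recorded, including the denied ones.
AUDIT_LOG = []


def _record(user_id: str, action: str, target: str, outcome: str) -> None:
    AUDIT_LOG.append({"time": datetime.now(timezone.utc).isoformat(),
                      "user": user_id, "action": action,
                      "target": target, "outcome": outcome})


def authenticate(user_id: str, password: str) -> bool:
    """Identification (is the ID known?) followed by authentication (is the secret right?)."""
    user = USERS.get(user_id)
    if user is None:
        _record(user_id, "login", "-", "denied: unknown identity")
        return False
    ok = hmac.compare_digest(user["hash"], _hash_password(password, user["salt"]))
    _record(user_id, "login", "-", "success" if ok else "denied: bad password")
    return ok


def authorise(user_id: str, action: str, target: str) -> bool:
    """Authorisation: may this identity perform this action on this environment?"""
    user = USERS.get(user_id)
    allowed = user is not None and any(
        (role, action, target) in PERMISSIONS for role in user["roles"])
    _record(user_id, action, target, "allowed" if allowed else "denied: no permission")
    return allowed


def segregation_violations(roles) -> list:
    """Return the incompatible role pairs that a single set of roles would combine."""
    held = frozenset(roles)
    return [tuple(sorted(pair)) for pair in INCOMPATIBLE_ROLES if pair <= held]


def denied_events() -> list:
    """What an auditor would review: the denied entries in the log."""
    return [event for event in AUDIT_LOG if event["outcome"].startswith("denied")]


if __name__ == "__main__":
    authenticate("dev_alice", "dev-pass-1")
    authorise("dev_alice", "deploy", "production")   # developer must not deploy to production
    authorise("ops_bob", "deploy", "production")
    print(segregation_violations(["developer", "operations"]))
    for event in AUDIT_LOG:
        print(event)
```

The point for the auditor is visible in the log rather than in the code: a developer who authenticates correctly is still refused a production deployment, and the refusal itself is recorded, so the preventative control (authorisation) and the detective control (the log) can be tested separately.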
5.8.4 Business continuity controls
Risks can be physical or logical
Preventative
- Security policy
- Physical access
- Logical access (ID, Authentication and Authorisation)
5.8.5 Operating controls and maintenance
Technical in nature
- Scheduling
- Standards and policies
- Managing data, programs and documentation
- Logs
- Policies for users